diff --git a/ChangeLog b/ChangeLog
index 48b28d3374..87bee36078 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@ Wed Aug 30 11:31:47 2000 Nobuyoshi Nakada
 * ext/Win32API/Win32API.c (Win32API_initialize): add the arguments checking.
+ * ext/Win32API/Win32API.c (Win32API_initialize): add taint
+ checking. allow String object in the third argument.
+
 Wed Aug 30 10:29:40 2000 Masahiro Tomita
 * io.c (rb_f_p): flush output buffer.
diff --git a/ext/Win32API/Win32API.c b/ext/Win32API/Win32API.c
index d62e60e2f3..6558e38278 100644
--- a/ext/Win32API/Win32API.c
+++ b/ext/Win32API/Win32API.c
@@ -48,10 +48,13 @@ Win32API_initialize(self, dllname, proc, import, export)
 VALUE str;
 VALUE a_import;
 VALUE *ptr;
+ char *s;
 int i;
 int len;
 int ex;
+ Check_SafeStr(dllname);
+ Check_SafeStr(proc);
 hdll = LoadLibrary(RSTRING(dllname)->ptr);
 if (!hdll)
 rb_raise(rb_eRuntimeError, "LoadLibrary: %s\n", RSTRING(dllname)->ptr);
@@ -70,11 +73,13 @@ Win32API_initialize(self, dllname, proc, import, export)
 rb_iv_set(self, "__proc__", UINT2NUM((unsigned long)hproc));
 a_import = rb_ary_new();
- if (!NIL_P(import)) {
- Check_Type(import, T_ARRAY);
+ switch (TYPE(import)) {
+ case T_NIL:
+ break;
+ case T_ARRAY:
 ptr = RARRAY(import)->ptr;
 for (i = 0, len = RARRAY(import)->len; i < len; i++) {
- Check_Type(ptr[i], T_STRING);
+ Check_SafeStr(ptr[i]);
 switch (*(char *)RSTRING(ptr[i])->ptr) {
 case 'N': case 'n': case 'L': case 'l':
 rb_ary_push(a_import, INT2FIX(_T_NUMBER));
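Review bot: The two `Check_SafeStr` calls added ahead of `LoadLibrary` in the first Win32API.c hunk are the only gate on which DLL and symbol get bound, and nothing at the call site says what they do and do not guarantee. As far as I recall, `Check_SafeStr` checks that the argument is a String and raises SecurityError only for a tainted one when `$SAFE` is above 0, so at the default level a tainted name would still reach `LoadLibrary`; please confirm against the interpreter source. It also puts no constraint on the name itself, so a bare or relative `dllname` is still resolved through the Windows DLL search order. I would record that above the calls, e.g. `/* type + taint check only (enforced when $SAFE > 0); does not restrict the path LoadLibrary resolves */`. The body of `Win32API_initialize` starts and ends outside this hunk.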
@@ -87,13 +92,31 @@ Win32API_initialize(self, dllname, proc, import, export)
 break;
 }
 }
+ break;
+ default:
+ Check_SafeStr(import);
+ s = RSTRING(import)->ptr;
+ for (i = 0, len = RSTRING(import)->len; i < len; i++) {
+ switch (*s++) {
+ case 'N': case 'n': case 'L': case 'l':
+ rb_ary_push(a_import, INT2FIX(_T_NUMBER));
+ break;
+ case 'P': case 'p':
+ rb_ary_push(a_import, INT2FIX(_T_POINTER));
+ break;
+ case 'I': case 'i':
+ rb_ary_push(a_import, INT2FIX(_T_INTEGER));
+ break;
+ }
+ }
+ break;
 }
 rb_iv_set(self, "__import__", a_import);
 if (NIL_P(export)) {
 ex = _T_VOID;
 } else {
- Check_Type(export, T_STRING);
+ Check_SafeStr(export);
 switch (*RSTRING(export)->ptr) {
 case 'V': case 'v':
 ex = _T_VOID;
diff --git a/version.h b/version.h
index 4008e6b938..5fcfd6eea0 100644
--- a/version.h
+++ b/version.h
@@ -1,4 +1,4 @@
 #define RUBY_VERSION "1.6.0"
-#define RUBY_RELEASE_DATE "2000-08-29"
+#define RUBY_RELEASE_DATE "2000-08-30"
 #define RUBY_VERSION_CODE 160
-#define RUBY_RELEASE_CODE 20000829
+#define RUBY_RELEASE_CODE 20000830
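Review bot: The new String branch under `default:` silently skips any character it does not recognise, because the inner `switch (*s++)` has no `default`, so `a_import` can end up shorter than the spec the caller passed. `__import__` presumably drives how arguments are marshalled into the native call later (that code is outside this hunk), so a silent length mismatch in an FFI binding is better rejected up front. I would add `default: rb_raise(rb_eArgError, "unknown import type: %c", s[-1]);` to the inner switch; the array branch whose tail appears as context at the top of the hunk may want the same, though its cases are not fully visible here. The loop also repeats the array branch's case table, and a small static helper mapping one character to `_T_NUMBER`/`_T_POINTER`/`_T_INTEGER` would keep the two in step.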